OSVDB ID: 7595

Title: Mozilla Browsers shell: URI Arbitrary Command Execution

Info

Disclosure
Jul 08, 2004

Discovery
Unknown

Dates

Exploit
Jul 08, 2004

Solution
Unknown

Description

 Multiple Mozilla based web browsers contain a flaw that may allow a remote attacker to launch a program from a known location. The issue is triggered when rendering specially-crafted web page using the "shell:" command. This requires the attacker to trick a user into visiting the web page.

Classification

 Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Web Related

Solution

 Upgrade to Mozilla 1.7.1 or higher, Firefox 0.9.2 and Thunderbird 0.7.2 or higher as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the patch provided in the external references.

Products

Mozilla Organization

Firefox for Windows

 0.1.x
0.2.x
0.3.x
0.4.x
0.5.x

Firefox for Windows

 0.6.x
0.7.x
0.8.x
0.9.1
0.9.0

Thunderbird for Windows

 0.1.x
0.2.x
0.3.x
0.4.x
0.0.x

Thunderbird for Windows

 0.5.x
0.6.x
0.7.1
0.7.0

Mozilla Web Browser for Windows

 0.x
1.0.x
1.1.x
1.2.x
1.3.x

Mozilla Web Browser for Windows

 1.4.X
1.5.x
1.6.x
1.7.0

References

Credit
  • Joshua Perrymon -


Direct URL: http://osvdb.org/7595